RemoteApp allows you to make programs that are accessed remotely through Azure appear as if they are running on the end user’s local device.  Instead of  the situation where they would typically connect to a Remote Desktop Session and then run the app on the desktop of the host.
Supports Windows, Mac, iOS, Android and Windows RT.
There are two types of deployments for RemoteApp
Cloud based deployment which hosts the app and its data in Azure
Hybrid based deployment which hosts the app in Azure but the data resides within your network instead of the cloud
Typical scenarios where you might consider using Azure RemoteApp include
Mobile, home, or branch based employees
If you need to run multiple versions of the same app (like Access)
VDI replacement or supplementation
Shared computers such as labs, kiosk, customer service, hotelling, temporary employees
JONATHAN ZDZIARSKI presented how all iOS devices are running Apple created, undocumented, hidden services, that allow access to all data on your device, even encrypted data. Â His slides are available here. Â Below I have summarized some of the more interesting parts and tried to put them in less technical terms.
HighlightsÂ
Apple has worked hard to make iOS devices reasonably secure against typical attackers
Apple has worked hard to ensure that Apple can access data on end-user devices on behalf of law enforcement
Almost all native application / OS data is encrypted with a key
As of iOS 7, third party documents are encrypted, but Library and Caches folders are usually not
Once the device is first unlocked after reboot, most of the encrypted data can be accessed until the device is shut down
The undocumented services running on every iOS device help make this possible
Your device is almost always at risk of spilling all data, since itâs almost always authenticated, even while locked
Undocumented Services Overview
Accessed through lockdownd, requiring pairing authentication
iOS 7 trust dialog helps, but third party accessories are making people stupid again
Bypasses âBackup Encryptionâ mechanism provided to users
ÂCan be accessed both via USB and wirelessly (WiFi, maybe cellular); networks can be scanned for a specific target
ÂIf device has not been rebooted since user last entered PIN, can access all data encrypted with data-protection (third party app data, etc)
ÂOther (more legitimate) services enable software installation, APN installation (adding proxy servers) for continued monitoring
A number of commercial law enforcement forensic manufacturers have started tapping these services:
ïĄ Cellebrite
ïĄ AccessData (Mobile Phone Examiner)
ïĄ Elcomsoft
A number of private tools and source are out there as well to take advantage of these services
Ransomware on your iPhone? Â Oh my! Â Using your own iOS pictures for blackmail? OH MY!!
The undocumented and hidden services your i-device is running that Apple never told you about
Very intentionally placed by Apple and intended to send data from the device by request
Can collect data from the phone that user has deleted but still remains on the device because the memory has not been reused yet
This undocumented, hidden service can collect and send any and all data on your device, including data you probably didn’t know your device even kept but the list is too long to include
Second Service: com.apple.mobile.house_arrest
Allows access to the Library, Caches, Cookies, Preferences folders as well
These folders provide highly sensitive account storage, social/Facebook caches, photos and other data stored in âvaultsâ, and much more
Additional services:
com.apple.iosdiagnostics.relay Provides detailed network usage per-application on a per-day basis
com.apple.mobile.installation_proxy Given an enterprise certificate, can use this to load custom software onto the device (which can run invisibly and in the background)
com.apple.syslog_relay Syslog, provides a lot of details about what the device is doing, and often leaks user credentials from 3rd party apps via NSLog()
Already documented and fairly public method of using these undocumented servicesÂ
DROPOUTJEEP – a software implant for iPhones that allows for the ability to remotely copy or place files on a device, retrieve text messages, contacts, voicemail, location information, turn on mic, camera, cell tower location. Â Requires “close access” for implant, which means they don’t need to physically touch the device bluetooth or WiFi might be ‘close enough’. Â Data extraction is done over GPRS (cellular essentially) or through text messaging. Â Ironically all communication with the implant is “covert and encrypted”.
If you want to prevent some of these attack surfaces there is a simple and free solution from Apple called Apple Configurator that will allow you to prevent it from pairing with other devices.